PT-2012-5465 · Apache+4 · Apache Tomcat+4

Dmitry Kukushkin

Published

2012-10-19

Updated

2017-09-19

CVE-2012-4534

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.0.0 through 6.0.35 Apache Tomcat versions 7.0.0 through 7.0.27

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This occurs when the NIO connector is used in conjunction with sendfile and HTTPS, and the connection is terminated during the reading of a response.

Recommendations For Apache Tomcat versions 6.0.0 through 6.0.35, update to version 6.0.36 or later. For Apache Tomcat versions 7.0.0 through 7.0.27, update to version 7.0.28 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CESA-2013_0623

CVE-2012-4534

HPSBUX02866

RHSA-2013:0266

RHSA-2013:0623

RHSA-2013_0623

Affected Products

Apache Tomcat

Centos

Hp-Ux

Red Hat

Suse

PT-2012-5465 · Apache+4 · Apache Tomcat+4

CVE-2012-4534

Weakness Enumeration

Related Identifiers

Affected Products

References · 53